… Red Hat packages backdoored through GitHub compromise According to Aikido, the attackers allegedly compromised a Red Hat employee's GitHub account and used it to push malicious commits directly to multiple repositories. …
Grafana says stolen GitHub token let hackers steal codebase By Bill Toulas May 18, 2026 09:46 AM Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. …
… BleepingComputer has contacted Microsoft about the new zero-day and will update the story if we receive a statement. …
… However, BleepingComputer could not confirm the authenticity of the data. …
… BleepingComputer's analysis of the Windows infostealer shows it is named 'DebugElevator' and designed to target Chrome, Brave, and Edge, and extract App-Bound Encryption keys needed to decrypt stored browser credentials. …
… "We are investigating unauthorized access to GitHub's internal repositories," GitHub told BleepingComputer when asked for further details. …
… The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far." This comes after GitHub told BleepingComputer on Tuesday evening that it was investigating claims of unauthorized access to its internal repositories and added that it has no evidence t… …
… BleepingComputer contacted Microsoft about this additional zero-day and will update this story if we receive a response. …
… The parallel to ransomware is the operational downtime window, not data loss," Dvash told BleepingComputer. …
… GitHub revealed the breach on Tuesday, saying it was investigating claims of unauthorized access to its internal repositories and telling BleepingComputer that the incident resulted from an employee installing a malicious Visual Studio Code VS Code extension, without disclosing the extension's name. …
